Try it with +cd and see if that fixes it. The DNSSEC stuff for this domain is all borked up -- sufficiently that I felt like I was playing snakes and ladders while looking at: http://dnsviz.net/d/extranet.aro.army.mil/dnssec/ On Thu, May 31, 2018 at 5:45 PM John Miller <johnm...@brandeis.edu> wrote: > > Hi Con, > > May I suggest running dig +trace extranet.aro.army.mil from your > nameserver? That'll make the delegation process explicit and help you > troubleshoot a little better. It could be that one of the three main > army.mil nameservers is unreachable by your ns for some reason > (routing being a likely culprit). > > John > > On Thu, May 31, 2018 at 5:29 PM, Con Wieland <cwiel...@uci.edu> wrote: > > and here they are but I don’t see anything indicating what the problem > > might be > > > > 31-May-2018 13:56:01.150 queries: info: client 128.200.1.20#37203 > > (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A > > +E (128.200.1.201) > > 31-May-2018 13:56:01.151 resolver: debug 1: createfetch: > > aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A > > 31-May-2018 13:56:06.153 queries: info: client 128.200.1.20#37203 > > (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A > > +E (128.200.1.201) > > 31-May-2018 13:56:06.153 resolver: debug 1: createfetch: > > aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A > > 31-May-2018 13:56:11.158 queries: info: client 128.200.1.20#37203 > > (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A > > +E (128.200.1.201) > > 31-May-2018 13:56:11.158 query-errors: debug 1: client 128.200.1.20#37203 > > (extranet.aro.army.mil): view internal: query failed (SERVFAIL) for > > extranet.aro.army.mil/IN/A at query.c:7215 > > 31-May-2018 13:56:11.158 resolver: debug 1: createfetch: > > aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A > > 31-May-2018 13:56:21.168 query-errors: debug 1: client 128.200.1.20#37203 > > (extranet.aro.army.mil): view internal: query failed (SERVFAIL) for > > extranet.aro.army.mil/IN/A at query.c:7215 > > > >> On May 31, 2018, at 12:51 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > >> > >> > >> > >> Am 31.05.2018 um 21:42 schrieb Con Wieland: > >>> agreed but why would my server not resolve it while others do? > >> > >> ask the logs of 128.200.1.201 > >> > >> ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> extranet.aro.army.mil > >> ;; global options: +cmd > >> ;; Got answer: > >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56491 > >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > >> ;; SERVER: 128.200.1.201#53(128.200.1.201) > >> > >>>> On May 31, 2018, at 12:16 PM, Reindl Harald <h.rei...@thelounge.net> > >>>> wrote: > >>>> > >>>> > >>>> > >>>> Am 31.05.2018 um 21:09 schrieb Con Wieland: > >>>>> I have a nameserver that can not resolve extranet.aro.army.mil. > >>>> > >>>> terrible slow and insane config - fix it > >>>> > >>>> https://intodns.com/aro.army.mil > >>>> > >>>> ;; Query time: 1175 msec > >>>> ;; SERVER: 127.0.0.1#53(127.0.0.1) > >>>> ;; WHEN: Do Mai 31 21:12:26 CEST 2018 > >>>> ;; MSG SIZE rcvd: 247 > >>>> > >>>> ;; Query time: 1109 msec > >>>> ;; SERVER: 8.8.8.8#53(8.8.8.8) > >>>> ;; WHEN: Do Mai 31 21:12:52 CEST 2018 > >>>> ;; MSG SIZE rcvd: 191 > >>>> > >>>> ;; ANSWER SECTION: > >>>> aro.army.mil. 2022 IN NS ns03.army.mil. > >>>> aro.army.mil. 2022 IN NS ns02.army.mil. > >>>> aro.army.mil. 2022 IN NS ns01.army.mil. > >>>> > >>>> ;; Query time: 163 msec > >>>> ;; SERVER: 192.82.113.7#53(192.82.113.7) > >>>> ;; WHEN: Do Mai 31 21:15:37 CEST 2018 > >>>> ;; MSG SIZE rcvd: 98 > >>>> Warn SOA REFRESH WARNING: Your SOA REFRESH interval is: 900. > >>>> That is > >>>> not so ok > >>>> Warn SOA RETRY Your SOA RETRY value is: 90. That is NOT OK > >> > > > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > John Miller > Senior Systems Engineer > Brandeis University ITS > johnm...@brandeis.edu > (781) 736-4619 > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
